PayPal Security Loophole

Criminals see PayPal-related messages as an easy route for fraud. Many such requests are quick to spot as they do not relate to any known purchase. Another tell-tale sign is that the sender's details and any web links within the message do not follow the expected PayPal URL format, although scammers often go a long way towards imitating this.

One way that fraudsters avoid being revealed through the message header code or URL text is to work from within a genuine PayPal account. This could be one that they own or a compromised account that they have gained access to. The receiver of the message will be reassured that any email header and PayPal links are all genuine (because they are), and following them through will lead to details of an authentic transaction request on PayPal. The trick is to put the key to their scam within the ‘note’ section of a genuine invoice or request for funds. This section is designed for messages about the goods exchanged but is not strongly regulated by PayPal. A genuine use might be for the address to send goods to, but in this scam it will include details on how to complain if the transaction seems to be in error. These contact details will not lead to PayPal but to some portal controlled by the fraudster.

The hook revolves around sending a PayPal invoice or request for funds that is clearly in error, in the expectation that the receiver will try to report the incident to PayPal. The contact web link or phone number listed within the transaction note is the entry into the fraudster's system. The mark will try to report the PayPal transaction to avoid any automated transfer of funds but instead will be tricked into disclosing personal details or downloading malware. In this example from KrebsOnSecurity, a spoof call centre attempted to have the mark download a remote administration tool.

PayPal recognise that scammers attempt to manipulate their systems and offer advice to users who see suspicious activity. In cases where a request appears to be from PayPal, the receiver should search for contact details for PayPal online and not rely on any embedded within the original message. The original message should be forwarded to phishing@paypal.com, who will investigate the source account.
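Because the headers and links of such a message are genuine, a mail filter or helpdesk triage step has to look at the note text itself. The following is an added example, not code from PayPal or the original article: it flags contact details embedded in a note that do not belong to paypal.com. The trusted suffix list, the patterns and both sample notes are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: only paypal.com and its subdomains count as PayPal-owned.
TRUSTED_SUFFIXES = ("paypal.com",)

URL_RE = re.compile(r"""(?:https?://|www\.)[^\s<>"']+""", re.I)
PHONE_RE = re.compile(r"(?<!\w)\+?\d[\d\s().-]{7,}\d(?!\w)")
# Wording that invites the receiver to "complain" about the request.
LURE_RE = re.compile(
    r"\b(did not (?:make|authori[sz]e)|cancel|dispute|refund|call (?:us|now))\b", re.I)

def host_of(url):
    """Return the lower-cased hostname of a URL, adding a scheme if missing."""
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_trusted(host):
    # Match on a label boundary so paypal.com.help-desk.example is rejected.
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def review_note(note):
    """List contact details in an invoice note that bypass PayPal itself."""
    findings = []
    for url in URL_RE.findall(note):
        host = host_of(url.rstrip(".,;)"))
        if not is_trusted(host):
            findings.append(("untrusted_link", host))
    for match in PHONE_RE.finditer(note):
        findings.append(("phone_number", re.sub(r"\D", "", match.group())))
    lure = LURE_RE.search(note)
    if findings and lure:
        findings.append(("complaint_lure", lure.group().lower()))
    return findings

# Constructed sample notes (not taken from real messages).
SCAM_NOTE = ("If you did not authorise this payment of $499.99, call "
             "+1 (800) 555-0199 or visit https://paypal.com.help-desk.example/cancel")
GENUINE_NOTE = ("Please deliver to 12 High Street, Leeds LS1 4AB. "
                "Receipt at https://www.paypal.com/activity")

if __name__ == "__main__":
    for name, note in (("scam", SCAM_NOTE), ("genuine", GENUINE_NOTE)):
        print(name, review_note(note))
```

Any finding is a reason to ignore the note's contact details and reach PayPal through independently found channels, as advised above.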
